server/site_tests/autoupdate_CatchBadSignatures/autoupdate_CatchBadSignatures.py - mirrors/cros/chromiumos/third_party/autotest - Git at Google

 # Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 from autotest_lib.client.common_lib import error
 from autotest_lib.server.cros.update_engine import update_engine_test


 class autoupdate_CatchBadSignatures(update_engine_test.UpdateEngineTest):
     """Test to verify that update_engine correctly checks payload signatures."""
     version = 1

     # The test image to use and the values associated with it.
     _IMAGE_GS_URL='https://storage.googleapis.com/chromiumos-test-assets-public/autoupdate/autoupdate_CatchBadSignatures.bin'
     _IMAGE_PUBLIC_KEY2='LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFxZE03Z25kNDNjV2ZRenlydDE2UQpESEUrVDB5eGcxOE9aTys5c2M4aldwakMxekZ0b01Gb2tFU2l1OVRMVXArS1VDMjc0ZitEeElnQWZTQ082VTVECkpGUlBYVXp2ZTF2YVhZZnFsalVCeGMrSlljR2RkNlBDVWw0QXA5ZjAyRGhrckduZi9ya0hPQ0VoRk5wbTUzZG8Kdlo5QTZRNUtCZmNnMUhlUTA4OG9wVmNlUUd0VW1MK2JPTnE1dEx2TkZMVVUwUnUwQW00QURKOFhtdzRycHZxdgptWEphRm1WdWYvR3g3K1RPbmFKdlpUZU9POUFKSzZxNlY4RTcrWlppTUljNUY0RU9zNUFYL2xaZk5PM1JWZ0cyCk83RGh6emErbk96SjNaSkdLNVI0V3daZHVobjlRUllvZ1lQQjBjNjI4NzhxWHBmMkJuM05wVVBpOENmL1JMTU0KbVFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg=='

     def _check_signature(self, expected_log_messages,
                          failure_message, public_key=None):
         """Helper function for updating with a Canned Omaha response.

         @param expected_log_messages: A list of strings that are expected to be
              in the update_engine log.
         @param failure_message: The message for exception to raise on error.
         @param public_key: The public key to be passed to the update_engine.

         """

         # Runs the update on the DUT and expect it to fail.
         self._run_client_test_and_check_result('autoupdate_CannedOmahaUpdate',
                                                image_url=self._IMAGE_GS_URL,
                                                allow_failure=True,
                                                public_key=public_key)

         try:
             self._check_update_engine_log_for_entry(expected_log_messages,
                                                     raise_error=True,
                                                     err_str=failure_message)
         except error.TestFail as e:
             last_error = self._get_last_error_string()
             raise error.TestFail(
                 '%s\nLast update_engine.log error: %s' % (e, last_error))


     def _check_bad_metadata_signature(self):
         """Checks that update_engine rejects updates where the payload
         and Omaha response do not agree on the metadata signature."""

         expected_log_messages = [
                 'Mandating payload hash checks since Omaha Response for '
                 'unofficial build includes public RSA key',
                 'Mandatory metadata signature validation failed']

         self._check_signature(expected_log_messages,
                               'Check for bad metadata signature failed.',
                               public_key=self._IMAGE_PUBLIC_KEY2)


     def _check_bad_payload_signature(self):
         """Checks that update_engine rejects updates where the payload
         signature does not match what is expected."""

         expected_log_messages = [
                 'Mandating payload hash checks since Omaha Response for '
                 'unofficial build includes public RSA key',
                 'Metadata hash signature matches value in Omaha response.',
                 'Public key verification failed, thus update failed']

         self._check_signature(expected_log_messages,
                               'Check for payload signature failed.')


     def run_once(self):
         """Runs the test on a DUT."""

         self._check_bad_metadata_signature()
         self._check_bad_payload_signature()
	# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	from autotest_lib.client.common_lib import error
	from autotest_lib.server.cros.update_engine import update_engine_test


	class autoupdate_CatchBadSignatures(update_engine_test.UpdateEngineTest):
	"""Test to verify that update_engine correctly checks payload signatures."""
	version = 1

	# The test image to use and the values associated with it.
	_IMAGE_GS_URL='https://storage.googleapis.com/chromiumos-test-assets-public/autoupdate/autoupdate_CatchBadSignatures.bin'
	_IMAGE_PUBLIC_KEY2='LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUFxZE03Z25kNDNjV2ZRenlydDE2UQpESEUrVDB5eGcxOE9aTys5c2M4aldwakMxekZ0b01Gb2tFU2l1OVRMVXArS1VDMjc0ZitEeElnQWZTQ082VTVECkpGUlBYVXp2ZTF2YVhZZnFsalVCeGMrSlljR2RkNlBDVWw0QXA5ZjAyRGhrckduZi9ya0hPQ0VoRk5wbTUzZG8Kdlo5QTZRNUtCZmNnMUhlUTA4OG9wVmNlUUd0VW1MK2JPTnE1dEx2TkZMVVUwUnUwQW00QURKOFhtdzRycHZxdgptWEphRm1WdWYvR3g3K1RPbmFKdlpUZU9POUFKSzZxNlY4RTcrWlppTUljNUY0RU9zNUFYL2xaZk5PM1JWZ0cyCk83RGh6emErbk96SjNaSkdLNVI0V3daZHVobjlRUllvZ1lQQjBjNjI4NzhxWHBmMkJuM05wVVBpOENmL1JMTU0KbVFJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg=='

	def _check_signature(self, expected_log_messages,
	failure_message, public_key=None):
	"""Helper function for updating with a Canned Omaha response.

	@param expected_log_messages: A list of strings that are expected to be
	in the update_engine log.
	@param failure_message: The message for exception to raise on error.
	@param public_key: The public key to be passed to the update_engine.

	"""

	# Runs the update on the DUT and expect it to fail.
	self._run_client_test_and_check_result('autoupdate_CannedOmahaUpdate',
	image_url=self._IMAGE_GS_URL,
	allow_failure=True,
	public_key=public_key)

	try:
	self._check_update_engine_log_for_entry(expected_log_messages,
	raise_error=True,
	err_str=failure_message)
	except error.TestFail as e:
	last_error = self._get_last_error_string()
	raise error.TestFail(
	'%s\nLast update_engine.log error: %s' % (e, last_error))


	def _check_bad_metadata_signature(self):
	"""Checks that update_engine rejects updates where the payload
	and Omaha response do not agree on the metadata signature."""

	expected_log_messages = [
	'Mandating payload hash checks since Omaha Response for '
	'unofficial build includes public RSA key',
	'Mandatory metadata signature validation failed']

	self._check_signature(expected_log_messages,
	'Check for bad metadata signature failed.',
	public_key=self._IMAGE_PUBLIC_KEY2)


	def _check_bad_payload_signature(self):
	"""Checks that update_engine rejects updates where the payload
	signature does not match what is expected."""

	expected_log_messages = [
	'Mandating payload hash checks since Omaha Response for '
	'unofficial build includes public RSA key',
	'Metadata hash signature matches value in Omaha response.',
	'Public key verification failed, thus update failed']

	self._check_signature(expected_log_messages,
	'Check for payload signature failed.')


	def run_once(self):
	"""Runs the test on a DUT."""

	self._check_bad_metadata_signature()
	self._check_bad_payload_signature()